I'll try to explain my project. I have a server with 2 interfaces: one has to offer a website and absolutely nothing else. The other interface will be used to control and manage this server. An access point will be attached to the web server's interface so that users can connect to this server.
The picture:
Internet ---> eth0 = SERVER |FIREWALL| WebServer = eth1 --> AP --> USER1, USER2, ...
I installed Apache2 and dnsmasq, which is now offering DHCP to the LAN. What I want to do is to redirect everything from eth1 to eth1 172.28.1.1 port 80, and block everything else. This is just for security.
Thanks!
---- SOLUTION ----
After searching a lot, and with the guidance of the first response, I got the solution. My problem was to make a captive portal and redirect everything to the local IP.
The solution is quite easy. Set up dnsmasq with this setting:
/etc/dnsmasq.conf
address=/#/172.28.1.1
Block any kind of traffic and redirect it to the local IP:
# iptables -t nat -I PREROUTING -j DNAT -s 172.28.0.0/16 -p tcp --to-destination 172.28.1.1
# iptables -t nat -I PREROUTING -j DNAT -s 172.28.0.0/16 -p udp --to-destination 172.28.1.1
You can achieve this as follows:
Install a DNS server with a fake root zone, where you direct everything to your IP address 172.28.1.1 (e.g. * IN A 172.28.1.1).
Install apache on 172.28.1.1.
Of course, you will need to configure DHCP to hand out your fake DNS server's IP address to your clients. Also, make sure that the server doesn't forward packets from eth1 to eth0 (i.e. switch off ip_forward).
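Added example, not part of the original posts: the DNAT rules in the solution keep the original destination port, so a redirected connection reaches whatever service listens on that port on 172.28.1.1. The sketch below generates an iptables-restore ruleset that redirects only DNS and HTTP to the portal and drops everything else arriving on eth1, and checks the ip_forward setting from the answer. The function names, the PORTAL chain name and the allowed-service list (DHCP, DNS, HTTP) are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the portal interface.
# Interface and addresses are the ones from the post; the PORTAL chain name
# and the allowed services (DHCP, DNS, HTTP) are assumptions.

portal_rules() {
    lan_if=$1      # interface facing the access point, e.g. eth1
    portal_ip=$2   # address Apache and dnsmasq listen on, e.g. 172.28.1.1
    lan_net=$3     # client network, e.g. 172.28.0.0/16
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# HTTP and DNS from clients go to the portal, whatever address they asked for.
-A PREROUTING -i ${lan_if} -s ${lan_net} -p tcp --dport 80 -j DNAT --to-destination ${portal_ip}:80
-A PREROUTING -i ${lan_if} -s ${lan_net} -p udp --dport 53 -j DNAT --to-destination ${portal_ip}:53
-A PREROUTING -i ${lan_if} -s ${lan_net} -p tcp --dport 53 -j DNAT --to-destination ${portal_ip}:53
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:PORTAL - [0:0]
# Everything arriving on the portal interface is judged by the PORTAL chain.
-A INPUT -i ${lan_if} -j PORTAL
-A PORTAL -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP requests are broadcast, so no destination address is matched here.
-A PORTAL -p udp --sport 68 --dport 67 -j ACCEPT
-A PORTAL -d ${portal_ip} -p udp --dport 53 -j ACCEPT
-A PORTAL -d ${portal_ip} -p tcp --dport 53 -j ACCEPT
-A PORTAL -d ${portal_ip} -p tcp --dport 80 -j ACCEPT
# SSH and any other management service stay unreachable from the clients.
-A PORTAL -j DROP
COMMIT
EOF
}

# Succeeds only when the given sysctl file (default: the live one) contains 0.
forwarding_is_off() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "0" ]
}

# Print the ruleset for the addresses used in the post.
portal_rules eth1 172.28.1.1 172.28.0.0/16
```

Review the printed ruleset, then load it as root by piping it into `iptables-restore`; without `--noflush` this replaces the existing nat and filter tables, so merge in any rules already needed for eth0 first.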